[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 26 21:13:54 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
382d6ed2 by Moritz Muehlenhoff at 2023-07-26T22:13:16+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73,17 +73,17 @@ CVE-2023-39174 (In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possib
CVE-2023-39173 (In JetBrains TeamCity before 2023.05.2 a token with limited permission ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2023-39130 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap bu ...)
- - gdb <unfixed>
+ - gdb <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30641
- TODO: check details
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-39129 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap us ...)
- - gdb <unfixed>
+ - gdb <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30640
- TODO: check details
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-39128 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack o ...)
- - gdb <unfixed>
+ - gdb <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
- TODO: check details
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-38555 (Authentication bypass vulnerability in Fujitsu network devices Si-R se ...)
NOT-FOR-US: Fujitsu network devices
CVE-2023-38503 (Directus is a real-time API and App dashboard for managing SQL databas ...)
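Review bot: The new NOTE on the three gdb entries (CVE-2023-39130, CVE-2023-39129, CVE-2023-39128), "Crash in CLI tool, no security impact", does not say why the heap and stack issues named in the descriptions stop at a crash. Since it replaces "TODO: check details", consider recording what was checked, for example the trust assumption about the files gdb is given, so the (unimportant) tag can be re-evaluated later without re-reading the sourceware bugs.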
@@ -85813,6 +85813,7 @@ CVE-2022-32189 (A too-short encoded message can cause a panic in Float.GobDecode
- golang-1.18 1.18.5-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://go.dev/issue/53871
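Review bot: On the added "[bullseye] - golang-1.15 <no-dsa> (Minor issue)" line, the neighbouring buster entry for golang-1.11 is postponed with "follow bullseye DSAs/point-releases", so the bullseye decision now drives buster as well. It would help to say in the entry whether a bullseye point-release fix is planned, or whether no-dsa here means no fix is expected for either suite.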
@@ -85917,6 +85918,7 @@ CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go 1
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://github.com/golang/go/issues/53423
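Review bot: The justification on the added bullseye line is the generic "Minor issue", the same text used for CVE-2022-32189, although this entry is about exposure of client IP addresses in net/http rather than a panic. A short reason specific to this CVE would make the no-dsa decision easier to audit.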
@@ -144286,8 +144288,14 @@ CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
[buster] - pdftk-java <no-dsa> (Minor issue)
- pdftk 2.02-5
- libitext-java <unfixed>
+ [bookworm] - libitext-java <no-dsa> (Minor issue)
+ [bullseye] - libitext-java <no-dsa> (Minor issue)
- libitext1-java <unfixed>
+ [bookworm] - libitext1-java <no-dsa> (Minor issue)
+ [bullseye] - libitext1-java <no-dsa> (Minor issue)
- libitext5-java <unfixed>
+ [bookworm] - libitext5-java <no-dsa> (Minor issue)
+ [bullseye] - libitext5-java <no-dsa> (Minor issue)
NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9 (v3.3.0)
NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/9b0cbb76c8434a8505f02ada02a94263dcae9247 (v3.3.0)
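Review bot: The six added no-dsa lines cover libitext-java, libitext1-java and libitext5-java, but every NOTE in the entry points at pdftk-java (a merge request and two v3.3.0 commits), so nothing here shows where the issue sits in the iText packages or what a fix would look like. Consider adding a NOTE that ties the infinite loop to the iText code, so the <unfixed> status on those three sources has something to be tracked against.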
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/382d6ed28384a98a00745ca2d2647ab82cb9c929